AES Ciphers in OpenSSL 0.9.8a

Mon, 05 Dec 2005 07:23:08 -0800 

Hi:

I am trying to enable the following AES cipher suites in TLS:

  TLS_RSA_WITH_AES_256_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_RSA_WITH_3DES_EDE_CBC_SHA

I can get the last one, but cannot seem to get the first two.
Here is the SSL context being set up by the client (note the
cipher suite list string):

   SSL_CTX *ctx;

   ctx = SSL_CTX_new(SSLv23_method());
   if (ctx)
   {
     SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
   }
   if (SSL_CTX_set_cipher_list(ctx,
       "ALL:!DH:!EXP:!RC4:@STRENGTH") != 1)
   {
       //...
   }

When I use the same cipher list from the "openssl" command
line, it appears that the ciphers are there (AES256-SHA and
AES128-SHA):

$ openssl ciphers -v 'ALL:!DH:!EXP:!RC4:@STRENGTH'
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5

Here is a dump from ssldump (note the two "Unknown value"
ciphers; they appear to correspond to AES_256 and AES_128):

  New TCP connection #1: 127.0.0.1(53991) <-> 127.0.0.1(9991)
  1 1  0.0006 (0.0006)  C>S  Handshake
        ClientHello
          Version 3.1
          cipher suites
          Unknown value 0x35
          TLS_RSA_WITH_3DES_EDE_CBC_SHA
          Unknown value 0x2f
          TLS_RSA_WITH_IDEA_CBC_SHA
          TLS_RSA_WITH_DES_CBC_SHA
          compression methods
                    NULL
  1 2  0.0051 (0.0045)  S>C  Handshake
        ServerHello
          Version 3.1
          session_id[32]=
            78 cb 98 1f af c6 ee 9a b3 be 26 c0 48 4e 63 e9
            a3 9f 51 d9 53 99 6a 11 27 a8 4c c6 45 d7 4d e8
          cipherSuite         Unknown value 0x35

Anything leaps out to you folks as something I am doing blatantly
wrong?  While compiling the distribution, I in no way inhibited
the compilation of AES into the library, so it should be there
(at least the 'openssl ciphers' command appears to indicate that
AES support is in there).

Thanks for your help.

- vijay
--
Vijay K. Gurbani  [EMAIL PROTECTED],research.bell-labs.com,acm.org}
Lucent Technologies/Bell Laboratories, 2000 Lucent Lane, Rm 6G-440
Naperville, Illinois 60566     Voice: +1 630 224 0216
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to